author | bcyrill <cyrill@bannwart.info> | 2013-02-02 20:22:15 +0100 |
---|---|---|
committer | bcyrill <cyrill@bannwart.info> | 2013-02-02 20:22:15 +0100 |
commit | f504b290ff2c8dcf0ba363fb3a7f3aaaa435d28c (patch) | |
tree | 81489a3bfad9c02667ad6670b98847ba28c6e89f /usr/local/www | |
parent | 49b12e444ede8b9da4e85cb594df15793433e7f0 (diff) | |
Fix problems with overlapping 'allowed IP subnets' in CP
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/services_captiveportal_ip.php | 15 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_ip_edit.php | 37 |
2 files changed, 25 insertions, 27 deletions
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index e0e39d8..410064d 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -67,15 +67,12 @@ if ($_GET['act'] == "del") { $ipent = $a_allowedips[$_GET['id']]; if (isset($config['captiveportal'][$cpzone]['enable'])) { - if (!empty($ipent['sn'])) { - $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip'], $ipent['sn']); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ipent['ip'], $ipent['sn']); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ipent['ip'], $ipent['sn']); - } else { - $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip']); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ipent['ip']); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ipent['ip']); - } + $mask = (!empty($ipent['sn'])) ? $ipent['sn'] : 32; + + $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip'], $mask); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ipent['ip'], $mask); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ipent['ip'], $mask); + if (is_array($ipfw)) { captiveportal_free_dn_ruleno($ipfw['dnpipe']); pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}"); diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 8c8c79e..57201e1 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php 
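Review bot: The fallback `32` in `$mask = (!empty($ipent['sn'])) ? $ipent['sn'] : 32;` (services_captiveportal_ip.php) is an unexplained literal that assumes an IPv4 host entry, and the same fallback is repeated as `$oldmask = 32;` in services_captiveportal_ip_edit.php. A short comment such as `/* entries stored without a mask are single IPv4 hosts; use /32 so the key matches the table entry */` would record the intent, and a shared helper would keep the two files from drifting apart. If `is_ipaddr()` also accepts IPv6 addresses (its definition is not visible here), a /32 default would not match a host entry for such an address, so the address family should be checked before the prefix is chosen. The enclosing `if ($_GET['act'] == "del")` block starts and ends outside the hunk.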
@@ -95,14 +95,17 @@ if ($_POST) { $pconfig = $_POST; /* input validation */ - $reqdfields = explode(" ", "ip"); - $reqdfieldsn = array(gettext("Allowed IP address")); + $reqdfields = explode(" ", "ip sn"); + $reqdfieldsn = array(gettext("Allowed IP address"), gettext("Subnet mask")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) + if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['ip']); + if ($_POST['sn'] && (!is_numeric($_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32))) + $input_errors[] = gettext("A valid subnet mask must be specified"); + if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) $input_errors[] = gettext("Upload speed needs to be an integer"); @@ -128,16 +131,14 @@ if ($_POST) { $ip['bw_up'] = $_POST['bw_up']; if ($_POST['bw_down']) $ip['bw_down'] = $_POST['bw_down']; - $oldmask = ""; if (isset($id) && $a_allowedips[$id]) { $oldip = $a_allowedips[$id]['ip']; if (!empty($a_allowedips[$id]['sn'])) - $oldmask .= "/{$a_allowedips[$id]['sn']}"; + $oldmask = $a_allowedips[$id]['sn']; + else + $oldmask = 32; $a_allowedips[$id] = $ip; } else { - $oldip = $ip['ip']; - if (!empty($ip['sn'])) - $oldmask .= "/{$ip['sn']}"; $a_allowedips[] = $ip; } allowedips_sort(); 
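Review bot: The added `sn` check in the first hunk of services_captiveportal_ip_edit.php does not restrict the field to a plain prefix length: `is_numeric()` also accepts decimals, exponent notation and leading whitespace, and the string `"0"` is falsy, so the leading `$_POST['sn'] &&` skips the range test for it. The value is presumably what gets stored in the entry, and the stored mask is later interpolated into ipfw rule text (the `table 3 delete {$oldip}/{$oldmask}` lines in the last hunk), so it should be constrained to digits before it is accepted. I would write the condition as `if (($_POST['sn'] != "") && (!ctype_digit((string)$_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32)))`. If `is_ipaddr()` admits IPv6 addresses, the upper bound of 32 also needs to depend on the address family. The enclosing `if ($_POST)` block continues outside the hunk.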
@@ -145,20 +146,20 @@ if ($_POST) { write_config(); if (isset($a_cp[$cpzone]['enable']) && is_module_loaded("ipfw.ko")) { - if (is_ipaddr($oldip)) { - if (!empty($oldmask)) - $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip, $oldmask); - else - $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip); + $rules = ""; + if (isset($oldip) && isset($oldmask)) { + $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip, $oldmask); + $rules .= "table 3 delete {$oldip}/{$oldmask}\n"; + $rules .= "table 4 delete {$oldip}/{$oldmask}\n"; + if (is_array($ipfw)) { + $rules .= "pipe delete {$ipfw['dnpipe']}\n"; + $rules .= "pipe delete " . ($ipfw['dnpipe']+1 . "\n"); + } } - $rules = "table 3 delete {$oldip}\n"; - $rules .= "table 4 delete {$oldip}\n"; + $rules .= captiveportal_allowedip_configure_entry($ip); if (is_array($ipfw)) { captiveportal_free_dn_ruleno($ipfw['dnpipe']); - $rules .= "pipe delete {$ipfw['dnpipe']}\n"; - $rules .= "pipe delete " . ($ipfw['dnpipe']+1 . "\n"); } - $rules .= captiveportal_allowedip_configure_entry($ip); $uniqid = uniqid("{$cpzone}_allowed"); @file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp"); |
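Review bot: The new guard `if (isset($oldip) && isset($oldmask))` drops the `is_ipaddr($oldip)` check that the removed code made before using the old entry, so `$oldip` and `$oldmask` now go from the stored configuration straight into the rules file that `mwexec("/sbin/ipfw ...")` feeds to ipfw. Entries saved before this commit's input validation, or brought in through a restored configuration, were never checked against the new `sn` rule, so the values should be re-validated here: `if (isset($oldip, $oldmask) && is_ipaddr($oldip) && ctype_digit((string)$oldmask) && $oldmask >= 1 && $oldmask <= 32) {`. On the add path `$ipfw` is never assigned before the later `if (is_array($ipfw))`, so a `$ipfw = null;` next to `$rules = "";` would make that test explicit. The enclosing `if ($_POST)` block starts and ends outside the hunk.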